Options: --targets= A file containing a list of hosts to check. Hosts can be supplied with ports (i.e. host:port). --no-failed List only accepted ciphers (default is to listing all ciphers). --ssl2 Only check SSLv2 ciphers. --ssl3 Only check SSLv3 ciphers. --tls1 Only check TLSv1 ciphers. --pk= A file containing the private key or a PKCS#12 file containing a private key/certificate pair (as produced by MSIE and Netscape). --pkpass= The password for the private key or PKCS#12 file. --certs= A file containing PEM/ASN1 formatted client certificates. --xml= Output results to an XML file. --version Display the program version. --help Display the help text you are now reading.Example: sslscan 127.0.0.1

Ok here is a generic run without any flags, against our target website. Of course the output has been truncated and a little bit munged.

So a generic run returns a lot of information. We learn the properties such as validity, CNCDPOSCP even the EV attributes are returned.

Note: This information is all publicly available. This tool just presents said info in a nice format such as .xml files, using the --xml=file flag, where file is the name to save as.

The other flags above can be used to further refine the output. One of the more important ones is the --no-failed flag which only lists accepted ciphers (see output above), the default of course is to list them all. The ssl2, ssl3, and tls1 flags of course will check for and list only those ciphers defined. If you have several servers to check on then you can also pass a list to sslscan using the --targets=file flag. The other flags are pretty self explanatory.

So the question become "Why is any or all of this important?" Well easy. When auditing servers you may find ones that use weak cypher or protocols, think NULL cipher, or SSLv1.